Error code 502 Tunnel
I have a problem that I have been on for days now to fix, going crazy here..
I have a home server running Ubuntu with docker (compose) and pulling images from GitHub (ghcr) to nginx. I have set up a tunnel with ZeroTrust and moved my site to Cloudflare (proxy). I just reinstalled my server to Ubuntu Server, I was using Desktop before.
I am getting 502 errors now and I have been trying everything I can find on the web to fix it. I need help.
My domain is njordstudio.com.
More in comments...
9 Replies
This is my ~/.cloudflared/config.conf
tunnel: <secret>
credentials-file: /home/haffy/.cloudflared/<secret>.json
ingress:
  - hostname: www.njordstudio.com
    service: https://localhost:443
  - hostname: njordstudio.com
    service: https://localhost:443
  - hostname: ssh.njordstudio.com
    service: ssh://localhost:22
  - service: http_status:404
This is my nginx.conf
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        listen 80;
        # listen [::]:80;
        # server_name localhost;
        server_name njordstudio.com www.njordstudio.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        # listen [::]:443 ssl;
        # server_name localhost;
        server_name njordstudio.com www.njordstudio.com;
        root /usr/share/nginx/html;
        index index.html index.htm;

        # location / {
        #     try_files $uri $uri/ =404;
        # }
        location / {
            try_files $uri $uri/ /index.html;
        }

        # Error pages
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        # SSL Configuration
        ssl_certificate /etc/ssl/cert.crt;
        ssl_certificate_key /etc/ssl/private.key;

        # TLS Authentication
        # ssl_verify_client on;
        ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
    }
}
sudo systemctl status cloudflared.service
● cloudflared.service - Cloudflared Tunnel
     Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2024-01-20 23:28:03 CET; 15min ago
   Main PID: 37538 (cloudflared)
      Tasks: 9 (limit: 4423)
     Memory: 15.5M
        CPU: 12.831s
     CGroup: /system.slice/cloudflared.service
             └─37538 /usr/bin/cloudflared tunnel --no-autoupdate --config /home/haffy/.cloudflared/config.yml run
Jan 20 23:28:21 raspberrypi cloudflared[37538]: 2024-01-20T22:28:21Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: tls: failed to verify certificate: x509: certificate is valid for *.njordstudio.com, njordstudio.com, www.njordstudio.com, not localhost" cfRay=8489874b3a9f773d-LHR event=1 ingressRule=0 originService=https://localhost:443
Jan 20 23:28:21 raspberrypi cloudflared[37538]: 2024-01-20T22:28:21Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: tls: failed to verify certificate: x509: certificate is valid for *.njordstudio.com, njordstudio.com, www.njordstudio.com, not localhost" connIndex=3 dest=http://www.njordstudio.com/ event=0 ip=198.41.192.227 type=http
If I connect to the IP on LAN it works fine, so the server is running.
And so does SSH with these settings:
  - hostname: ssh.njordstudio.com
    service: ssh://localhost:22
So the rest in cloudflared/conf.conf seems to be right, but the error code from systemctl status cloudflared.service says otherwise
Now I get this instead
Should I change something in the nginx.conf now?
Do not know if this helps:
~ curl -I https://njordstudio.com
HTTP/2 400
date: Sat, 20 Jan 2024 22:57:06 GMT
content-type: text/html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=pd3Zt%2F91l%2F9sNXeWQqaFtqE2jwlDNknyIg9l3PUrZ6Hz9Y5DX2bb%2FD61yq9chSKrm8EENxkCm4KHsFnJCEGmPtqnfvSuB060%2BTZ9Bz%2Bcu%2BFSsKg8emvgMzwa6pVFoNvgJIE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 848aea216982ac22-GOT
alt-svc: h3=":443"; ma=86400
Ok, now it looks like this and I have restarted and it says the same error:
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        listen 80;
        server_name njordstudio.com www.njordstudio.com;
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    server {
        listen 443 ssl;
        server_name njordstudio.com www.njordstudio.com;
        root /usr/share/nginx/html;
        index index.html index.htm;

        location / {
            try_files $uri $uri/ /index.html;
        }

        # Error pages
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        # SSL Configuration
        ssl_certificate /etc/ssl/cert.crt;
        ssl_certificate_key /etc/ssl/private.key;

        # TLS Authentication
        # ssl_verify_client on;
        ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
    }
}
Did you update your tunnel config to use http and connect to port 80?
Yes I updated the tunnel config and restarted it. And I enter http://www.njordstudio.com/ but it takes me to https://..
Cloudflare will redirect you to HTTPS unless you have the option disabled. Your tunnel config should look like
But with the spaces fixed
aha so no 443, but will SSL work then ?
So with tunnels there are 3 places for encryption. User -> cloudflare -> tunnel -> origin. Cloudflare will auto handle security from user to your tunnel. You can have SSL from tunnel to nginx if you want but not really needed as it is localhost
aha, am trying this now
cloudflared.service - Cloudflared Tunnel
     Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Sun 2024-01-21 00:25:36 CET; 2s ago
    Process: 44615 ExecStart=/usr/bin/cloudflared tunnel --no-autoupdate --config /home/haffy/.cloudflared/config.yml run (code=exited, status=1/FAILURE)
   Main PID: 44615 (code=exited, status=1/FAILURE)
        CPU: 95ms
sorry
http://localhost should not have / at the end
NOW IT WORKS !!
Thank you guys, this has saved me a lot of sleeplessness tonight (another night, was going for the hat-trick of sleepless nights here)
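
The fix the thread arrives at, written out as a complete ingress file (an added example, not a config posted by anyone in the thread; the `<secret>` placeholders are carried over from the original post). The commented-out rule is an assumed alternative that was not tried in the thread: it keeps TLS on the cloudflared-to-nginx hop and uses cloudflared's `originServerName` setting so the certificate is verified against a name it covers instead of `localhost`.

```yaml
# Added example, not from the thread. <secret> values are placeholders.
tunnel: <secret>
credentials-file: /home/haffy/.cloudflared/<secret>.json

ingress:
  # Fix used in the thread: plain HTTP to nginx over loopback.
  # The service URL must not end in "/" (that made cloudflared exit with
  # status=1 above). nginx's port-80 server has to serve the site itself,
  # as in the second nginx.conf, not "return 301 https://...", because
  # Cloudflare already redirects visitors to HTTPS at the edge.
  - hostname: www.njordstudio.com
    service: http://localhost:80
  - hostname: njordstudio.com
    service: http://localhost:80

  # Alternative (assumption, not tried in the thread): keep TLS on the last
  # hop. The x509 error in the log came from verifying a certificate issued
  # for *.njordstudio.com against the name "localhost". originServerName
  # tells cloudflared which name to expect, so verification stays enabled.
  # This is preferable to setting noTLSVerify: true, which only hides the
  # mismatch by turning certificate checking off. If the origin certificate
  # is not signed by a publicly trusted CA, caPool must also point at its CA.
  #
  # - hostname: www.njordstudio.com
  #   service: https://localhost:443
  #   originRequest:
  #     originServerName: www.njordstudio.com

  # Unchanged from the original post: this rule already worked.
  - hostname: ssh.njordstudio.com
    service: ssh://localhost:22

  # Catch-all rule; cloudflared requires the last rule to match everything.
  - service: http_status:404
```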